Mobile communications provide access for mobile phones, personal digital assistants (PDAs), portable computers and a variety of other user equipment, which communicate over radio access networks (RANs) with core networks for connection to other mobile devices, the Internet and conventional land-line phones. A RAN is distributed over a geographical area that is typically divided into cells, each served by a base station. Base stations communicate over an air interface with the user equipment, and several base stations are connected to a radio network controller (RNC) or base station controller (BSC) that is in turn connected to one or more core networks. In the typical situation, secure communication for users of the system is provided by encryption and decryption terminating on the network side at the base station (in UMTS, at the RNC): traffic between the core network and the base station is encrypted, and traffic over the air between the base station and the wireless user equipment is encrypted separately.
Mobile networks use a strong authentication method based on a shared secret, configured on the network side in the Authentication Centre (AuC) of the HLR or HSS, and on the terminal side in the Universal Integrated Circuit Card (UICC), which carries a SIM (Subscriber Identity Module) application for a GSM network or a USIM (Universal Subscriber Identity Module) application for a UMTS network.
This shared secret is an authentication key called Ki, and the act of configuring a generic UICC with a given Ki is called personalization.
The authentication key is a 128-bit key used in the authentication and cipher key generation process: the network challenges the card with a random value, and both sides compute the response and the session cipher key from Ki, so Ki itself never crosses the air interface. The authentication key is what authenticates the UICC on the mobile network. Each UICC holds the authentication key assigned to it by the operator during the personalization process.
Mobile Network Operators (MNOs) therefore personalize UICC cards physically, on their own premises, once and for all. The personalization can also be outsourced to the UICC supplier, but in either case it is performed physically and permanently. Once the UICC card is personalized, the MNO sends it to the user, who inserts it in his mobile terminal to access the MNO's mobile network.
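The following is an added example, not part of the original text and not the code of any operator or card vendor, modelling the shared-secret authentication and personalization described above. It assumes GSM sizes (128-bit Ki, 128-bit RAND, 32-bit SRES, 64-bit Kc) and replaces the real A3/A8 (or UMTS Milenage) algorithms with an HMAC-SHA256 stand-in; the class and function names, and the IMSI used, are constructed for illustration. The property it demonstrates is that Ki is written into the card and the AuC once, at personalization, and afterwards only RAND and the response travel between the parties.

```python
"""Added example (not from the original text): minimal model of GSM-style
shared-secret authentication between an Authentication Centre and a UICC.
ASSUMPTION: the real A3/A8 or Milenage algorithms are replaced by an
HMAC-SHA256 stand-in; sizes follow GSM (128-bit Ki, 32-bit SRES, 64-bit Kc)."""
import hashlib
import hmac
import secrets

KI_LEN = 16    # 128-bit authentication key Ki
RAND_LEN = 16  # 128-bit challenge
SRES_LEN = 4   # 32-bit signed response (A3 output)
KC_LEN = 8     # 64-bit cipher key (A8 output)


def a3_a8(ki: bytes, rand: bytes):
    """Stand-in for A3 (authentication) and A8 (cipher key generation).
    Both the card and the AuC run this on the same Ki and RAND."""
    sres = hmac.new(ki, b"A3" + rand, hashlib.sha256).digest()[:SRES_LEN]
    kc = hmac.new(ki, b"A8" + rand, hashlib.sha256).digest()[:KC_LEN]
    return sres, kc


class AuthenticationCentre:
    """Network side (AuC of the HLR/HSS): the only network element holding Ki."""

    def __init__(self):
        self._ki_by_imsi = {}

    def personalize(self, imsi: str) -> bytes:
        """Assign a fresh random Ki to a subscriber. The returned value is what
        the personalization station writes into the UICC, once and for all."""
        ki = secrets.token_bytes(KI_LEN)
        self._ki_by_imsi[imsi] = ki
        return ki

    def authentication_triplet(self, imsi: str):
        """Produce (RAND, XRES, Kc) for the serving network; Ki stays in the AuC."""
        ki = self._ki_by_imsi[imsi]
        rand = secrets.token_bytes(RAND_LEN)
        xres, kc = a3_a8(ki, rand)
        return rand, xres, kc


class UICC:
    """Card side: Ki is stored at personalization and never readable afterwards;
    the only operation the terminal can invoke is RUN GSM ALGORITHM."""

    def __init__(self, imsi: str, ki: bytes):
        if len(ki) != KI_LEN:
            raise ValueError("Ki must be 128 bits")
        self.imsi = imsi
        self._ki = ki  # no getter on purpose: Ki must not leave the card

    def run_gsm_algorithm(self, rand: bytes):
        return a3_a8(self._ki, rand)


def attach(auc: AuthenticationCentre, card: UICC):
    """One authentication run as seen by the serving network (MSC/VLR).
    Returns (authenticated, Kc); Kc is the agreed cipher key or None."""
    rand, xres, kc_network = auc.authentication_triplet(card.imsi)
    sres, kc_card = card.run_gsm_algorithm(rand)   # only RAND crosses the air
    if not hmac.compare_digest(sres, xres):         # only SRES comes back
        return False, None
    assert kc_card == kc_network                    # both sides derived the same Kc
    return True, kc_network


if __name__ == "__main__":
    auc = AuthenticationCentre()
    ki = auc.personalize("001010123456789")            # constructed test IMSI
    genuine = UICC("001010123456789", ki)
    impostor = UICC("001010123456789", bytes(KI_LEN))  # same IMSI, wrong Ki
    print("genuine card:", attach(auc, genuine)[0])    # True
    print("impostor card:", attach(auc, impostor)[0])  # False
```

The serving network in `attach` never handles Ki, only the triplet; a card personalized with a different Ki (the "impostor") fails even though it claims the same IMSI, which is the property the physical, one-time personalization model is built on.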
This model is not suited to UICC cards that must be embedded in devices before shipment to the final user, or to M2M (Machine to Machine) cases (e.g. consumer electronics, vending machines, car fleets). For those cases, remote personalization of the UICC card is preferred.
There is a need to allow the user to easily perform an initial configuration of the device's UICC with an initial set of credentials, for any type of device, while keeping the freedom to choose the initial MNO and preserving the confidentiality of the authentication key.